Security Alert

Stay Sharp While Using AI 

As AI grows in popularity, staying aware of potential risks and challenges associated with these powerful technologies is essential. 

AI undoubtedly provides significant value to daily tasks and research, but it is crucial to exercise caution and diligence when leveraging AI products. The data input into these tools is often used to train future AI models. Saved data can be accidentally released to external parties querying the same tool you are using, and it is also exposed if the third-party provider is breached. Some tools have lenient privacy or security policies that do not sufficiently protect The University’s data or users’ privacy.

OIT would like to emphasize a few key considerations when using AI tools: 

Consult OIT for Guidance

  • In situations of uncertainty or when navigating the complexities of AI integration, please contact the Office of Information Technology (OIT) for guidance by emailing us at itsd@ua.edu. 

Exercise Caution with Your or Someone Else’s Personal Information 

  • Sensitive information should never be entered into AI tools. Examples include your email, CWID, Social Security Number, or medical records. 

Secure Evaluation of Communication Tools 

  • In the case of AI meeting, email, or calendar management tools, use test accounts that lack access to sensitive or restricted information. Third-party tools may utilize meeting recordings or other participant data to train their models or for other purposes, which is why it is important to limit these tools’ access to UA data. 
  • Avoid having meetings where confidential matters are discussed until the tool’s security and privacy features have been thoroughly vetted. 
  • Do not link AI tools to your work email account unless The University has a contract with and is providing that tool. This is crucial to prevent potential breaches of FERPA, HIPAA, and other regulatory requirements. 

Prioritize Software Solutions on OIT’s Website 

  • Before using AI tools online, ensure that The University does not already have a similar solution at oit.ua.edu/software. 

By sticking to these guidelines, we can proactively avoid or minimize risks associated with AI and keep The University of Alabama safe from cyber attacks or data breaches. Faculty should also consult the guidelines provided by Academic Affairs as a resource. As we collectively strive to leverage the benefits of AI, we must prioritize the security and privacy of our data. 

June 5 Phishing Email

On Monday, June 5, many UA students, faculty and staff received a scam email. The subject of the message could be “Now Hiring for Summer Employment” or a variation related to employment, and it appears to be from a Winthrop University email about “The Dimax Centre for Disability Services Council.” This is not a message from Winthrop or a disability services council and should not be engaged with. If you received this message, please mark it as spam in Outlook. If you have any questions, contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

May 9 Social Media Warning

On Tuesday, May 9, someone who appears to be a former student posted on the Alabama Student Ticket Exchange Facebook page, offering to make a master list for students’ class assignments. Remember to NEVER give out your MyBama login information or CWID to someone on the internet.

OIT to Implement Additional Email Security in January 2023

Beginning in January 2023, OIT will implement new email security features to help students, faculty and staff better recognize phishing emails. These new security measures utilize mailbox intelligence and recognize email user patterns.

Outlook will provide safety tips for inbound mail that comes from new or unusual senders. Below is a screenshot example.

"You don't often get mail from this address."

The mailbox intelligence will also better recognize impersonation attempts. UA students, faculty and staff often receive impersonation phishing emails where messages are sent from addresses similar to a known contact. If a message is marked as an impersonated user, it will be delivered to the recipient’s Junk folder and contain an alert.

Simulated Phishing

This fall, OIT will begin sending simulated phishing emails to UA students, faculty and staff. The simulated phishing emails will imitate real phishing emails to better equip UA community members to recognize phishing attacks. Learn more on the OIT website.

July 18 Phishing Email

On Monday, July 18, many UA students, faculty and staff received a scam email. The subject of the message was “NOTICE BY ADMIN VERIFY YOUR OFFICE 365”. This is not a message from UA or Microsoft Office 365. If you received this message, please mark it as spam in Outlook. If you have any questions, contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

[Screenshot: July 18 phishing email]

July 16 Phishing Email

On Saturday, July 16, many UA students, faculty and staff received a scam email. The subject of the message was “MEMO FROM HR”. This is not a message from UA Human Resources or Microsoft Office 365. If you received this message, please mark it as spam in Outlook. If you have any questions, contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

[Screenshot: spam message pretending to be UA HR]

OIT Security to Install Microsoft Defender

Starting in July, OIT will be transitioning campus machines from McAfee antivirus to Microsoft Defender. OIT will be performing this software update remotely. Faculty and staff may notice a logo change in the toolbar; however, no action is required of end users. If machines are off campus, they will receive the new software when they return to campus or connect to VPN.

If you experience any issues, please contact the IT Service Desk at itsd@ua.edu or 205-348-5555.

Alabama.Gov Phishing Scam

OIT Security has been made aware of a phishing attack targeting the Alabama.gov Procurement website.

A phishing/scam site has been set up to look like the Alabama.gov website. If users visit this website and click the “CLICK HERE TO BID” button, it prompts for email login information. This is a phishing scam that attempts to steal account credentials. If you receive any email directing you to this website, be sure to mark it as phishing in Outlook. Additional security tips are available on the OIT website.

[Screenshot: alabama.gov phishing website]

A new look is coming to Duo!

Last year, Duo rolled out updates to its mobile application. This year, Duo is introducing a new look to the Duo prompt that users see when accessing applications. Below are examples of the old and new Duo prompts.


[Screenshot: Old Duo Prompt, with options to verify]


[Screenshot: New Duo Prompt, with autopush]


OIT will be applying the new prompt to various Duo-required applications throughout the spring semester. The largest change will occur on Wednesday, May 18 when OIT will apply the new look to Microsoft 365 and myBama.

The new prompt provides a visual and technical redesign. The new Duo prompt remembers a user’s last-used authentication method and displays that option by default. Users will not see other available login methods until they click “other options.” If push (recommended) is the last-used authentication method, Duo will automatically send a Duo push to the user’s device without needing to click a button.

Duo will continue to allow for push notifications, calls and passcodes. Please note, OIT recommends all UA students, faculty and staff use the push notification option as it provides additional login details in the mobile app.


Frequently Asked Questions

What’s different with the new Duo prompt?

The new look provides a visual and technical redesign of the traditional Duo prompt. The new prompt offers an updated appearance and a few noteworthy technical changes.

The new Duo prompt remembers a user’s last-used authentication method and displays that option by default. Users will not see other available login methods until they click “other options.” If push (recommended) is the last-used authentication method, Duo will automatically send a Duo push to the user’s device without needing to click a button.

Why do I see a “Trust browser” prompt after I log in?

Rather than checking a box to “remember me for 30 days” users can select to trust their browser. This option should only be used on personal machines that are password protected.

How can I edit or add a new device?

Users can add or edit their available devices by clicking “other options” in the prompt, then selecting “Manage devices.” From there, users can view a listing of current devices and make edits.

[Screenshot: more options to authenticate with Duo]